Published : Mar 29, 2022
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Mar 2022
Assess

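Securing the software supply chain has become a common concern among delivery teams, and that concern is reflected in the growing number of new tools emerging in this space. Grype is a new lightweight vulnerability scanning tool for Docker and OCI images. It can be installed as a binary, it can scan images before they are pushed to a registry, and it does not require a Docker daemon to be running on your build servers. Grype comes from the same team as Syft, which generates software bills of materials (SBOMs) in different formats for container images. Grype can use the SBOM output by Syft to scan for security vulnerabilities.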
